c:\windows\syswow64\msiexec.exe

How can I remove this kind of threat? Every second it keeps popping up on my desktop. I feel nervous that my files might be affecting it.

object: https://disorderstatus.ru/order.php
infection: URL:mal
process: c:\windows\syswow64\msiexec.exe

Please help me.

OK, I know this one, it is always mutating.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Right-click and run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
- Select Addition at the bottom.
- Press the Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Sir, the webpage that you recommended for downloading the Farbar Recovery Scan Tool is not available. I keep on refreshing it once in a while.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Why is it that the threat doesn't pop up anymore, though I didn't download Farbar yet? Does this mean the threat has already been removed?

If you want support, provide the logs as essexboy requested.

Do I need to download both versions, or only one?

These are the results of the Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by User (administrator) on ACER (16-01-2016 01:10:11)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Hotspot\SMART BRO\CancelAutoPlay.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2010-08-20] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-02] (AVAST Software)
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Hotspot\SMART BRO\CancelAutoPlay.exe [414544 2012-08-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-23] (BitTorrent Inc.)
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Run: [{AA891A77-AF23-4D04-BB94-E83CC9E15348}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\LHEDF').WMWF)));
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {12af05da-62b8-11e4-bed5-8056f22cebf6} - "F:\launcher.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {163c8c2d-4afd-11e5-bf27-3065ec1e2f55} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {1f0a8eb8-b239-11e3-be73-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {1f0a8f12-b239-11e3-be73-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {1f0a90bb-b239-11e3-be73-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {1f0a935c-b239-11e3-be73-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {802710b7-b36f-11e4-bef1-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\MountPoints2: {955d6b98-6f5a-11e3-be6c-8056f22cebf6} - "E:\AutoRun.exe"
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\system32\Bubbles.scr [898048 2012-07-25] (Microsoft Corporation)
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-02] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-12-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk → C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{0093104B-A383-4F81-BB1F-ED249BDD5DDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4132243E-7EA1-4779-AC4C-A19B1162B1E4}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{EA7CBB76-1764-49C1-B940-58403E91371C}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1433470657&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=8e29edcbc8b869be7b66a65g6z6c3c8zag5q9g7t3g
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1433470657&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=8e29edcbc8b869be7b66a65g6z6c3c8zag5q9g7t3g
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM → DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKLM-x32 → DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKLM-x32 → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKLM-x32 → {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 → DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1419388413&from=wpm12233&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 → {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 → {D09CFF09-A42A-4EDC-9804-E61224F59CA1} URL = hxxp://search.naver.com/search.naver?where=nexearch&sm=ies_hty&query={searchTerms}&ie=utf8
BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class → {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} → C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-27] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: No Name → {DBC80044-A445-435b-BC74-9C25C1C588A9} → No File
BHO-x32: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-27] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

===================

FireFox:

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default
FF NewTab: hxxp://www.v9.com?type=hp&ts=1441677153&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=4933e6422bcd86f1a14079egczczfgdq4o5ofw2b2b
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxps://ph.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: V9
FF Homepage: hxxp://www.v9.com?type=hp&ts=1441677153&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=4933e6422bcd86f1a14079egczczfgdq4o5ofw2b2b
FF Keyword.URL: hxxps://ph.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 → C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 → C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 → C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-01-04] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3497284572-2413806544-361628044-1001: @facebook.com/FBPlugin,version=1.0.3 → C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-05] ( )
FF Plugin HKU\S-1-5-21-3497284572-2413806544-361628044-1001: @naver.com/npNLiveCast → C:\Users\User\AppData\Roaming\Mozillia\Plugins\NPNLiveCast.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\NPNLiveCast.dll [2013-07-31] (NHN Corporation)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\searchplugins\v9-.xml [2015-08-11]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\searchplugins\yahoo-avast.xml [2014-11-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2014-12-23]
FF Extension: Settings Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} [2014-04-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-02]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\extensions\detgdp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\extensions\arthurj8283@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-02]

Chrome:

CHR HomePage: Profile 4 → hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
CHR StartupUrls: Profile 4 → "hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Movies App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2015-08-24]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-24]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-24]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-24]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Movies App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2015-08-24]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-24]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-24]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-24]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Movies App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2015-08-24]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-24]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-24]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-24]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Movies App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2015-08-25]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-08]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\User\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-02] (AVAST Software)
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-12-27] (Macrovision Europe Ltd.) [File not signed]
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [655712 2014-03-22] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-07] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2016-01-08] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
S2 UxTuneUp; %SystemRoot%\System32\uxtuneup.dll

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-02] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3295984 2012-07-25] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-01-08] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-08] ()
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [223744 2014-03-22] (Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-07] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-06] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 01:10 - 2016-01-16 01:10 - 00035403 _____ C:\Users\User\Downloads\FRST.txt
2016-01-16 01:09 - 2016-01-16 01:10 - 00000000 ____D C:\FRST
2016-01-16 01:05 - 2016-01-16 01:08 - 02370560 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-01-16 01:01 - 2016-01-16 01:01 - 26640936 _____ C:\Users\User\Downloads\[ENG] 160112 BOMB- Hide and seek with JM, V, JK (#1).mp4.crdownload
2016-01-16 00:55 - 2016-01-16 00:55 - 31001734 _____ C:\Users\User\Downloads\[ENG] 160108 BOMB- BTS 5th Win @ real last day of ‘RUN’.mp4.crdownload
2016-01-16 00:54 - 2016-01-16 01:02 - 23067068 _____ C:\Users\User\Downloads\[ENG] 160104 EPISODE- BTS ‘The Most Beautiful Moment In Life Pt.2’ Jacket Shooting.mp4
2016-01-16 00:54 - 2016-01-16 00:58 - 10159366 _____ C:\Users\User\Downloads\[ENG] 151211 BOMB- Inkigayo Special MC debut Rap Monster.mp4
2016-01-16 00:54 - 2016-01-16 00:55 - 05656614 _____ C:\Users\User\Downloads\[ENG] 151105 V.mp4
2016-01-16 00:53 - 2016-01-16 00:53 - 03143347 _____ C:\Users\User\Downloads\[ENG] 151222 BOMB- 2 brushes for Jung Kook s teeth.mp4
2016-01-16 00:49 - 2016-01-16 00:51 - 16899508 _____ C:\Users\User\Downloads\[ENG] 151231 BOMB- Happy new year 2016!.mp4
2016-01-16 00:49 - 2016-01-16 00:51 - 14599643 _____ C:\Users\User\Downloads\[ENG] 151214 BOMB- Jimin s self camera (RUN 151204 ver.).mp4
2016-01-16 00:49 - 2016-01-16 00:49 - 04109942 _____ C:\Users\User\Downloads\[ENG] 151230 BOMB- sleepy j-hope.mp4
2016-01-16 00:45 - 2016-01-16 00:47 - 03351475 _____ C:\Users\User\Downloads\[ENG] 151223 BOMB- Sleeping Baby bothered with Jin.mp4
2016-01-16 00:44 - 2016-01-16 00:47 - 09470373 _____ C:\Users\User\Downloads\[ENG] 151216 BOMB- Playing the rhythm game (…and V’s making a song).mp4
2016-01-16 00:40 - 2016-01-16 00:47 - 56683507 _____ C:\Users\User\Downloads\[ENG] 151211 EPISODE- BTS won 1st place at Music Bank with ‘RUN’.mp4
2016-01-16 00:38 - 2016-01-16 00:40 - 10918454 _____ C:\Users\User\Downloads\[ENG] 151207 BOMB- Music bank special MC V.mp4
2016-01-16 00:29 - 2016-01-16 00:39 - 31407910 _____ C:\Users\User\Downloads\[ENG] 160114 BOMB- Hide and seek with JM, V, JK (#2).mp4
2016-01-16 00:15 - 2016-01-16 00:18 - 13787063 _____ C:\Users\User\Downloads\151231 가요대제전 방탄소년단 perfect man JIMIN focus.mp4
2016-01-08 02:58 - 2016-01-08 02:58 - 00003314 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-08 02:58 - 2016-01-08 02:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-01-08 02:58 - 2016-01-08 02:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Enigma Software Group
2016-01-08 02:58 - 2016-01-08 02:58 - 00000000 _____ C:\autoexec.bat
2016-01-08 02:55 - 2016-01-08 02:55 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-08 02:54 - 2016-01-08 02:54 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-07 20:35 - 2016-01-07 20:35 - 00000131 _____ C:\Windows\system32\netcfg-4175015.txt
2016-01-07 20:33 - 2016-01-07 20:34 - 00000156 _____ C:\Windows\system32\netcfg-4066921.txt
2016-01-07 20:33 - 2016-01-07 20:33 - 00000156 _____ C:\Windows\system32\netcfg-4015718.txt
2016-01-07 20:32 - 2016-01-07 20:32 - 00000156 _____ C:\Windows\system32\netcfg-3975843.txt
2016-01-07 20:21 - 2016-01-07 20:21 - 00000131 _____ C:\Windows\system32\netcfg-3347187.txt
2016-01-07 20:20 - 2016-01-07 20:20 - 00000156 _____ C:\Windows\system32\netcfg-3275703.txt
2016-01-07 20:15 - 2016-01-07 20:34 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-07 20:15 - 2016-01-07 20:15 - 00000156 _____ C:\Windows\system32\netcfg-2934468.txt
2016-01-07 20:13 - 2016-01-07 20:14 - 00000156 _____ C:\Windows\system32\netcfg-2853828.txt
2016-01-07 19:57 - 2016-01-07 19:57 - 00000131 _____ C:\Windows\system32\netcfg-1876000.txt
2015-12-26 21:11 - 2015-12-26 21:11 - 00000000 ____D C:\Users\User\Documents\Avatar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 01:10 - 2012-07-25 21:37 - 00000000 ____D C:\Windows
2016-01-16 00:49 - 2014-11-10 01:18 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-16 00:48 - 2014-11-10 01:22 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-16 00:21 - 2013-12-27 09:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-15 17:51 - 2013-12-27 09:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3497284572-2413806544-361628044-1001
2016-01-15 16:52 - 2014-11-10 01:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 22:42 - 2013-12-27 09:52 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-01-12 22:07 - 2013-12-27 20:16 - 00000000 ____D C:\Users\User\AppData\Roaming\dvdcss
2016-01-12 17:57 - 2013-12-27 21:12 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-01-11 19:04 - 2014-01-11 15:14 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-10 21:07 - 2013-12-27 09:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Winamp
2016-01-08 17:37 - 2013-12-27 09:37 - 00000000 ____D C:\Users\User\Documents\Youcam
2016-01-08 15:38 - 2015-05-26 17:39 - 00000000 ____D C:\Windows\Minidump
2016-01-08 15:38 - 2014-12-23 20:10 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-01-08 15:38 - 2012-07-25 21:37 - 00000000 ____D C:\Windows\Inf
2016-01-08 15:21 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\NDF
2016-01-08 14:46 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-08 09:57 - 2013-12-27 09:48 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-08 09:57 - 2013-12-27 09:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-08 09:57 - 2013-12-27 09:03 - 00001430 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-07 20:24 - 2012-07-25 23:28 - 00803370 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-31 15:06 - 2013-12-27 13:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Atheros
2015-12-31 15:06 - 2013-12-27 13:52 - 00000000 ____D C:\Users\User\Documents\Bluetooth Folder
2015-12-27 23:58 - 2013-12-27 09:40 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2015-12-26 21:26 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\ModemLogs
2015-12-26 21:20 - 2015-01-01 01:59 - 00000000 ____D C:\Users\User\Documents\done
2015-12-21 23:25 - 2013-12-27 09:45 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-21 23:25 - 2013-12-27 09:45 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

Some files in TEMP:

C:\Users\User\AppData\Local\Temp\cdo1922773328.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-10 17:42

==================== End of FRST.txt =========

here are the scan results from the farbar. what should i do next?

Let me know what problems remain after this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Run: [{AA891A77-AF23-4D04-BB94-E83CC9E15348}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\LHEDF').WMWF)));
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1433470657&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=8e29edcbc8b869be7b66a65g6z6c3c8zag5q9g7t3g
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1433470657&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=8e29edcbc8b869be7b66a65g6z6c3c8zag5q9g7t3g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410631098&from=sky&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1419388413&from=wpm12233&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E73V9446V9446&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1448335800&from=zzgbkk123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3497284572-2413806544-361628044-1001 -> {D09CFF09-A42A-4EDC-9804-E61224F59CA1} URL = hxxp://search.naver.com/search.naver?where=nexearch&sm=ies_hty&query={searchTerms}&ie=utf8
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF NewTab: hxxp://www.v9.com?type=hp&ts=1441677153&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=4933e6422bcd86f1a14079egczczfgdq4o5ofw2b2b
FF SelectedSearchEngine: V9
FF Homepage: hxxp://www.v9.com?type=hp&ts=1441677153&from=mych123&uid=wdcxwd7500bpvx-22jc3t0_wd-wx11e73v9446v9446&z=4933e6422bcd86f1a14079egczczfgdq4o5ofw2b2b
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\searchplugins\v9-.xml [2015-08-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2014-12-23]
FF Extension: Settings Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} [2014-04-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\extensions\detgdp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hueuim8t.default\extensions\arthurj8283@gmail.com => not found
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR Extension: (Security Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-08-24]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg [X]
Task: {2E25E899-C61E-47C1-BBAD-222ADA1AAF9C} - System32\Tasks\{3E2FC8C2-4FE5-4ED9-85BB-B1C1D51724E4} => pcalua.exe -a C:\Users\User\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=sky
Task: {30D1D9DE-D7B8-4038-866E-FD8B7214B55A} - System32\Tasks\{8BCBD104-7C83-450C-BC6E-9B679D504C8C} => pcalua.exe -a "C:\Program Files (x86)\Kakao\KakaoTalk\uninstall.exe"
Task: {4C142B2B-81B9-476B-BDA8-90CB27556AC6} - \PC Performer -> No File <==== ATTENTION
Task: {AEB1E972-53F3-4762-BAF8-5BBEC1FAC0FD} - \Ribble -> No File <==== ATTENTION
C:\Program Files (x86)\Movies Toolbar
C:\Users\User\AppData\Roaming\istartsurf\
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKCU:\Software\Classes\LHEDF
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”.
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
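As an added illustration of what the fix above targets (example code written for this page, not FRST's or the helper's), the Python script below triages FRST-style lines for the entry types the fixlist removes: a Run value that launches hidden, policy-bypassing PowerShell and decodes its payload from a registry value, IFEO Debugger redirections, a service with no vendor and no signature, a driver entry backed by a .cfg file, and FRST's own ATTENTION marker. The sample lines are constructed from entries in this thread (the benign "ExampleApp" Run entry is invented), and the matching patterns are my own heuristics, not FRST's logic.

```python
import re

# Sample FRST-style lines, constructed from entries in this thread (trimmed).
SAMPLE_LOG = r"""
HKU\S-1-5-21-3497284572-2413806544-361628044-1001\...\Run: [{AA891A77-AF23-4D04-BB94-E83CC9E15348}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\LHEDF').WMWF)))
HKLM\...\Run: [ExampleApp] => C:\Program Files (x86)\ExampleApp\app.exe [2015-11-01] (Example Vendor)
IFEO\searchprotector.exe: [Debugger] tasklist.exe
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-02] (AVAST Software)
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg
Task: {4C142B2B-81B9-476B-BDA8-90CB27556AC6} - \PC Performer -> No File <==== ATTENTION
"""

# Switches and cmdlets that, together, mark a fileless PowerShell autorun.
POWERSHELL_FLAGS = [
    (r"-windowstyle hidden", "hidden window"),
    (r"-executionpolicy bypass", "execution policy bypass"),
    (r"frombase64string|-enc(odedcommand)?\b", "encoded payload"),
    (r"\biex\b|invoke-expression", "Invoke-Expression of generated text"),
    (r"\bgp\b|get-itemproperty", "payload read from the registry"),
]
# File types that legitimately back a service or driver entry.
BINARY_EXT = (".exe", ".sys", ".dll")

def triage_line(line):
    """Return the reasons an FRST line deserves analyst attention ([] if none)."""
    reasons = []
    lower = line.lower()
    # Run/RunOnce autoruns that launch PowerShell with persistence-style switches.
    if re.search(r"\\run(once)?:", lower) and "powershell" in lower:
        hits = [why for pat, why in POWERSHELL_FLAGS if re.search(pat, lower)]
        if hits:
            reasons.append("PowerShell autorun: " + ", ".join(hits))
    # Image File Execution Options: a Debugger value makes Windows start the
    # named "debugger" instead of the program, redirecting or blocking it.
    m = re.match(r"IFEO\\(\S+): \[Debugger\] (.+)", line)
    if m:
        reasons.append(f"IFEO debugger redirection: {m.group(1)} -> {m.group(2)}")
    # Service/driver lines: "R2 Name; path [size date] (Vendor) [File not signed]".
    m = re.match(r"^[RS]\d\s+[^;]+;\s*(.+)$", line)
    if m:
        rest = m.group(1)
        path = re.split(r"\s+\[\d+ \d{4}-\d{2}-\d{2}\]", rest, maxsplit=1)[0]
        path = path.replace("\\??\\", "")
        if not path.lower().endswith(BINARY_EXT):
            reasons.append(f"service/driver backed by a non-binary file: {path}")
        if "[File not signed]" in rest:
            reasons.append("service binary is not digitally signed")
        vendor = re.search(r"\(([^()]*)\)\s*(\[File not signed\])?\s*$", rest)
        if vendor and vendor.group(1) == "":
            reasons.append("service binary carries no vendor/company name")
    # FRST marks entries it already considers suspicious (e.g. a task with no file).
    if "<==== ATTENTION" in line:
        reasons.append("flagged by FRST itself")
    return reasons

def triage(log_text):
    """Return [(line_no, reasons), ...] for every flagged line of an FRST log."""
    findings = []
    for no, line in enumerate(log_text.strip().splitlines(), 1):
        reasons = triage_line(line.rstrip())
        if reasons:
            findings.append((no, reasons))
    return findings

if __name__ == "__main__":
    for no, reasons in triage(SAMPLE_LOG):
        print(f"line {no}: " + "; ".join(reasons))
```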

here is my fixlog

That does not look right … Could you confirm that you ran the fix?

Attach a fresh FRST please